DOUBLE GUARD: DETECTING AND PREVENTING INTRUSIONS IN MULTI-TIER WEB APPLICATIONS

Internet services and applications are very useful in our day to day life like communication and the management of personal information as well as social information from anywhere and anytime. An advanced multi-tiered design is used wherein the web server runs the application front-end logic and data is outsourced to a database or file server which is used by the web services. An independent IDS would not be able to identify. This drawback has been overcome in Double guard system which utilises an IDS system that models the network behaviour of user sessions across both the front-end web server and the back-end database. This is achieved by monitoring both web and subsequent database requests. So it is possible to ferret out attacks completely. Furthermore, it quantify the limitations of any multitier IDS in terms of training sessions and functionality coverage. I have implemented Double Guard using an IIS(internet information and services) web server with MySQL. Double Guard can handle both types of attack also i.e. on Front End (HTTP) and Back end (SQL SERVER).